Guest Serge
Posted July 30, 2008

Windows XP Media Center Edition 2005
SP3
CA Anti-Virus Plus CA Anti-Spyware 2008
----------------------------------------------------------
A scan with CA Anti-Spyware 2008 found a Zuten Trojan.

CA Anti-Spyware was set to delete spyware and cookies automatically once quarantined.

Log shows: Quarantined Zuten Trojan was in Folder: C:\windows\minidump
and 3 cookies were also found

Quarantine is empty, I can only assume that the 3 cookies and the Zuten Trojan were deleted.

The c:\windows\minidump file can not be found. I can only assume that the file was deleted by the CA Anti-Spyware with the Zuten Trojan.

At that point I ran Ad-Aware 2008, Super Antispyware and Windows Defender. I also ran a complete Windows Live One Care and nothing was found.

My computer appears to be running normally. Should I be taking any further action?

If I am in the wrong place, please point me in the right direction.

Serge

Guest MowGreen [MVP]
Posted July 30, 2008

Serge,

CA detecting a "trojan" in a minidump file 'sounds' like it's a False Positive. Perhaps it's detecting that the system is sending the minidump file to Microsoft and thinks it's a "trojan" ?
In XP, the Default location of minidump files is in the Minidump subfolder located at WINDOWS\Minidump
Is anything present in that subfolder and, have you read CA's page on Zuten ?
http://ca.com/us/securityadvisor/pest/pest.aspx?id=453138752

MowGreen [MVP 2003-2008]
===============
-343- FDNY
Never Forgotten
===============

Guest Serge
Posted July 30, 2008

MG> CA detecting a "Trojan" in a minidump file 'sounds' like it's a
MG> False Positive.

Yes, that is my wish. I did not mention that I was also running Comodo BO Clean in the background.

MG> In XP, the Default location of minidump files is in the Minidump
MG> subfolder located at WINDOWS\Minidump. Is anything present in that
MG> subfolder….

CA Anti-Spyware was set to delete spyware and cookies automatically once quarantined. The c:\windows\minidump subfolder can not be found. I can only assume that it was deleted by the CA Anti-Spyware as it assumed that it contained the Zuten Trojan.

Do I need to make a minidump subfolder? If yes how do I do it?

MG> and, have you read CA's page on Zuten?
MG> http://ca.com/us/securityadvisor/pest/pest.aspx?id=453138752

Yes, I did read the CA’s page on Zuten.

Thanks for your help.

Serge

Guest MowGreen [MVP]
Posted July 31, 2008

The Minidump subfolder in the WINDOWS directory should be recreated if/when another minidump is made. You could recreate it if you really want to.
You could post to a CA User Group Forum and see if anyone else received the same False Positive: http://causergroups.ca.com/

MowGreen [MVP 2003-2008]
===============
-343- FDNY
Never Forgotten
===============

Guest Serge
Posted August 1, 2008

MG> The Minidump subfolder in the WINDOWS directory should be
MG> recreated if/when another minidump is made.

As it is not needed, I will let it recreate itself.

MG> You could post to a CA User Group Forum and see if anyone
MG> else received the same False Positive:

In CA Home/Home Office Forum I have managed to find the following message dated 31/07/2008:
----------------------------------------------------------------------------------------------
Hello,
This is the best string I could find for MY message. I have been a McAfee user for years, and currently have their "Total Protection" software installed. However, I have never totally trusted their anti-spy software, thus I had also purchased CA Anti-Spy.

Earlier today, CA -Anti-spy detected the "TROJAN" "Zuten" on my computer, and reported it as a password stealer!

I immediately quarantined it, and then deleted it as well! I also immediately began changing ALL of my passwords!

However, before I could re-set one of my site passwords for the "Stats function" it had ALREADY been accessed!

Luckily, the site wasn't imperative, thus doing little/no harm!

My point is THIS! My McAfee was in FULL action, and active, YET it NEVER detected a thing! It was my CA Anti-spy, which located, and warned me about the TROJAN!!

Thank YOU CA!!!

End of message.
------------------------------------------------------------------------------------------------
In c:\windows\debug\ I found a file called Passwd.log. The log was blank.
I could not find any sensible info on this Passwd.log. Unless I can find otherwise, I will treat my “Trojan Zuten” as a false positive.

I am open to any further suggestions.

Thanks for your help.

Serge

Guest Owen
Posted August 12, 2008

Hey

I have the same problem.... Any time I open a Windows media file, I get the 'blue screen of death' and the same minidump message. I have scanned with AVG 8.0, micotrend online and others but still no virus found... I have also updated my video card settings.. still no good.

I'm sure it's a virus after I took USB stick to a friend's BRAND NEW computer and executed a couple of files from there, after a couple of hours the pc was doing exactly the same thing.

Has getting rid of the 'Zuten Trojan' solved any of your problems? I am finding it hard to find any info on it?

Any help would be great

Owen.

Guest Serge
Posted August 13, 2008

Owen,

O> I have scanned with AVG 8.0, micotrend online and others but still no virus found.

Zuten is a Trojan and not a virus but a spyware. Anti Virus program will not find it, wrong tool for the job.

O> Has getting rid of the 'Zuten Trojan' solved any of your problems?

If you read my message again you will see that I never had any problem. I checked my system with different spyware removers. I could not find any Zuten Trojan so I accepted Mow Green's assumption that it was a “false positive”.

O> I am finding it hard to find any info on it?

The only info I found was that it was a password stealer.

O> Any help would be great

May I suggest that you start your own thread on the subject, here or on one of the Spyware Forums.

Serge

Guest Serge
Posted August 13, 2008

"Owen" wrote:
> I am finding it hard to find any info on it?

You may find the info you need at:

To find information on the Zuten Spyware go to the CA Spyware Information Centre:
http://www.ca.com/us/spyware.aspx
In the Find Threats window click on Spyware and in the Search Window enter Zuten and click on Search.

Serge

Guest MowGreen [MVP]
Posted August 13, 2008

Check this page out, Owen - http://onecare.live.com/site/en-us/virusen...rusSearch=Zuten

You need to identify the specific variant of Zuten that has infected the system.
IF the variant is Win32/Zuten then the Microsoft Windows Malicious Software Removal Tool is supposed to be able to remove it.
IF it's been downloaded recently [ June '08 ], then suggest you boot the system to Safe Mode:
http://support.microsoft.com/kb/315222

IF it has not been downloaded recently, then do so here:
http://www.microsoft.com/downloads/details...&displaylang=en

After the download completes, close all open programs and browsers. Now run windows-kb890830-v2.1.exe and then restart the system to Safe Mode.
Once in SM, go to Start > Run > type in mrt
Click OK or press Enter
Wait ... The MRT will open.
Click the Next button
Put a mark next to ' Full Scan '
Click Next

Did the MRT find and remove Zuten ? If necessary, you can check its log [ mrt.log ] that's located in WINDOWS\Debug to see if anything was detected.

Restart the system to normal Windows mode. Next, using Internet Explorer, have the system scanned here:
http://onecare.live.com/site/en-us/center/howsafe.htm

Did that remove the trojan ?

MowGreen [MVP 2003-2008]
===============
-343- FDNY
Never Forgotten
===============

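The mrt.log check described in the last post above, as an added Python example that is not part of the thread and not a Microsoft tool: it splits the log into one record per MRT run and marks every run that did not finish with "No infection found". The log layout it parses and the whole sample log (including the detection line, path and return code) are assumptions constructed for illustration.

```python
import re
import sys

# Constructed sample, NOT from the thread. The layout (header line, "Started On",
# "Results Summary:", "Return code:") is an assumption about the usual shape of
# mrt.log; the detection line, file path and return code 6 are invented.
SAMPLE_LOG = """\
---------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v2.1, August 2008
Started On Wed Aug 13 20:01:12 2008

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 13 20:03:40 2008


Return code: 0 (0x0)

---------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v2.1, August 2008
Started On Wed Aug 13 21:15:02 2008

Results Summary:
----------------
Found virus: Win32/Zuten in file://C:\\example\\placeholder.exe
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 13 22:48:19 2008


Return code: 6 (0x6)

---------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v2.1, August 2008
Started On Thu Aug 14 09:00:00 2008
"""

# A run starts at the version header; the "Finished On" line has no " v<digit>".
HEADER = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v\d", re.M)


def decode_log(raw):
    """Decode the file bytes: UTF-16 when a byte-order mark is present, else UTF-8."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def parse_runs(text):
    """Return one dict per MRT run found in the log text."""
    text = text.replace("\r\n", "\n")
    starts = [m.start() for m in HEADER.finditer(text)]
    runs = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        run = {"started": None, "finished": False, "summary": [], "return_code": None}
        in_summary = False
        for line in (ln.strip() for ln in text[begin:end].split("\n")):
            if line.startswith("Started On "):
                run["started"] = line[len("Started On "):]
            elif line.startswith("Results Summary"):
                in_summary = True
            elif "Finished On" in line:
                run["finished"], in_summary = True, False
            elif line.startswith("Return code:"):
                m = re.search(r"Return code:\s*(\d+)", line)
                run["return_code"] = int(m.group(1)) if m else None
                in_summary = False
            elif in_summary and line and set(line) != {"-"}:
                run["summary"].append(line)
        # Only a finished run that says so explicitly counts as clean; an
        # interrupted scan (no "Finished On" line) is flagged for review.
        run["clean"] = run["finished"] and any(
            "No infection found" in s for s in run["summary"])
        runs.append(run)
    return runs


def find_mentions(runs, name):
    """Summary lines that mention a threat name, paired with the run start time."""
    needle = name.lower()
    return [(r["started"], s) for r in runs for s in r["summary"]
            if needle in s.lower()]


if __name__ == "__main__":
    if len(sys.argv) > 1:            # e.g. a copy of WINDOWS\Debug\mrt.log
        with open(sys.argv[1], "rb") as fh:
            log_text = decode_log(fh.read())
    else:
        log_text = SAMPLE_LOG
    all_runs = parse_runs(log_text)
    for r in all_runs:
        status = "clean" if r["clean"] else "REVIEW"
        print(f'{r["started"]}: {status} (return code {r["return_code"]})')
    for started, line in find_mentions(all_runs, "Zuten"):
        print(f"  {started}: {line}")
```

Run it with the path to a copy of mrt.log as the only argument; with no argument it parses the constructed sample.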